Molecular biologist Ian (played by Michael Pitt) stares at a billboard of a pair of green eyes in Mike Cahill’s “I Origins.” The film explores iris recognition technology, and a TEDx talk helped Cahill do research. Photo: Fox Searchlight

Mike Cahill’s new film I Origins is technically science fiction. But the technology in it is firmly rooted in reality.

A mind-twister of the highest order, I Origins tells the story of a molecular biologist, Ian (played by Michael Pitt), who studies the iris of the eye, a part that is unique for every individual. His lab partner makes a startling discovery—that a young girl in India has the exact same iris pattern as someone Ian loved deeply. It’s a statistical impossibility that leads him to wonder: Could this be reincarnation?

Cahill got the first tingle of the idea for this film after hearing the story of National Geographic’s “Afghan Girl.” Seventeen years after her haunting green eyes appeared on the cover, the magazine found her again—and made sure they had the right woman by giving her an iris scan. “I found that story so compelling,” says Cahill. “Soon after hearing that, I was on an island in Europe where there were these Roman ruins on the water. Alongside them, there were rocks with dinosaur footprints on them … It occurred to me that we didn’t discover dinosaurs until way after their civilization had risen and fallen. I wondered: What are our dinosaur footprints? That’s when I started to think, ‘Maybe it’s the eye.’”

As he was writing I Origins, which opens in New York and Los Angeles today, July 18, and across the U.S. the week after, Cahill did intensive research on iris-based identity authentication—he read every book and paper on the topic that he could find. And then, in his Googling, he discovered a talk given at TEDxKC by Jeff Carter, the chief technology officer of EyeLock. This New York-based company specializes in biometric technology like iris recognition systems.

Carter explains in the talk, “Today, your identity can be determined from across the room while you’re at a full run—even if you’re wearing a mask, or a wig, or sunglasses—with a one-in-a-quadrillion certainty that you are who you say you are.” Yipes. “This could mean no more credit cards, no more driver’s license, no more passports, no more user IDs or passwords, no more paper documents like voter registration cards or medical records.”

The talk captured Cahill’s imagination. “I was taken with how passionate and articulate Jeff was,” he says. “And the technology was just insane.”

Cahill reached out to EyeLock to ask if he could use their iris-based recognition system in the film. At first, EyeLock hesitated—they’d been approached by other film productions in the past, and didn’t love the idea of leaving the presentation of their technology in someone else’s hands. But when they realized that Cahill truly wanted their input—even on the film’s script—they agreed.

Soon after, Carter and his EyeLock team invited Cahill and others from I Origins to their office. Cahill remembers, “Jeff was really kind. He showed us all their technology. I’d read so much on it, but it was the first opportunity I’d had just to play with the toy. We saw demonstrations. As you approach a door, the door is like, ‘Hello, Mike Cahill,’ and then opens. You’ve seen Minority Report? They’ve figured out how to do that today.”

This system makes a cameo in the film—it’s what Ian uses to enter his laboratory—and Cahill loved using real technology in this way. “It adds an extra level of authenticity,” says Cahill. “For me, grounding it in real, existing technology allows the audience to believe that the whole thing is true … For scientific narratives, when an audience believes them, that is exhilarating. It’s like there’s a special door inside our hearts; the visceral feeling is that much stronger.”

EyeLock very much appreciated this grounded approach.

“This isn’t your traditional sci-fi movie. Honestly, it’s a love story at the heart of it,” says Carter. “What was really exciting for us was that [Mike] wasn’t thinking about iris technology as part of a dystopian-type world, and he wasn’t thinking about it as all the glory that you see painted in some sci-fi either. He was thinking about it as just … a part of life.”

In the cut of the film that screened at the Sundance Film Festival—which won the Alfred P. Sloan Feature Film Prize for an outstanding science or technology film—Carter’s TEDx talk appeared in the film, about two-thirds of the way in.

“It was originally in a scene whereIan is arriving in India. Jeff said, ‘Leonardo da Vinci believed that eyes are the window to the soul,’ and then goes into describing iris technology,” says Cahill. “I always loved that moment. But the problem was: it ended up being about two minutes’ worth of exposition in my third act. At that point, the audience knows what’s going on. You kind of want it to move along a little bit faster.”

While Carter’s talk no longer appears in the final cut of the film, you can watch part of the deleted scene above, courtesy of Fox Searchlight.

Iris biometrics sound futuristic, but the concept actually dates back quite far— Hippocrates even wrote about the uniqueness of the pattern of the iris. The first patent for iris recognition was issued in 1987, and the first algorithm to automate it was patented in 1991.

“They have [iris recognition] at some airports. I mean, it’s all over the place—a lot of people just don’t realize it,” says Cahill. “Seeing iris biometrics in the film may be an introduction to the technology for a lot of people.”

And while Carter is a little disappointed that his TEDx talk got cut from the final film, it’s this potential that has him really excited.

“I’ve been thinking about this for over 10 years, so for me, it’s really refreshing that it’s becoming so mainstream,” he says. “I feel pride that I was a small portion of Mike’s incredible vision. I feel a lot of pride that our technology is featured in the movie.”

As for where he hopes iris-based recognition systems will go from here, Carter sees wide-open possibilities—especially if people embrace the new technology.

“We are talking about embedding this into all manner of consumer electronic devices—in places you couldn’t even imagine,” says Carter. “An iris scan is really the ultimate in security. To give you an analogy—fingerprints would be the floppy disks; an iris scan is the solid-state hard drive.”

In 2010, the late security researcher — or as cybersecurity expert Keren Elazari would like you to call him, the late hacker — Barnaby Jack found a security flaw in two different models of automated teller machines (ATMs). Onstage at a tech security conference, he publicly demonstrated his ability to make these machines spit out paper money, Elazari says at TED2014. “Barnaby Jack could have easily turned to a career criminal,” she says, “but he chose to show the world his research instead. Sometimes you have to demo a threat to spark a solution.”

How we think about people like Jack is immensely complicated, Elazari says. Hackers scare us and fascinate us at once, and our reasons for these feelings are valid, she says, but we shouldn’t let fear get the best of us. “They scare us, but the choices they make have dramatic outcomes that influence us all,” Elazari says.

Yes, there are hackers doing things like stealing identities, leaking false information, and taking money that is not theirs, she says, but there are also hackers like Jack pointing out vulnerabilities in the devices we use to live, and doing things like fighting against government corruption and advocating for equal rights to privacy, security, and information. If we see hackers as only the bad guys, we are doing our society a disservice: risking ostracizing all those doing great things in the world, working to help us

Growing up idolizing hackers, with a special affinity for Angelina Jolie as Acid Burn in the movie Hackers, as a teenager Elazari ached to execute her own hacks. After her first break-in to a password-protected website, she felt a rush of power, she says, “like I had discovered limitless potential in my fingertips.” And that potential is the great and terrifying thing about hackers — their power for good or bad: “It’s geeks just like me discovering that they have access to a superpower, one that requires the skill and tenacity of their intellect.”

Like superheroes or supervillains, Elazari says, with hackers’ great power comes great responsibility (though not necessarily radioactive spiders.) “We all like to think that if we had such powers we’d only use them for good,” she says, “[but] what if you could read your ex’s emails, or add a couple of zeros to your bank account?” she asks. Would you do it? Hackers have to face that choice every day, and though several of them choose to do malicious things with their power, many instead work to do hard things that benefit the greater good.

One such hacker is Kyle Lovett — who in June 2013 discovered “a gaping vulnerability in wireless routers you might have in your home or office,” Elazari says, a vulnerability that allowed hackers to easily access users’ files and passwords. Choosing not to use this leak for his own advantage, Lovett reported the vulnerability to the manufacturer. Eight months later, the manufacturer still had not repaired the bug, so Lovett used the leaky routers to send a message directly to their users, letting them know just how vulnerable they are to hacks, and encouraging them to ask the manufacturer to fix the flaw.

This shows that — whether we want them to or not — hackers will discover the things that are broken in our world, Elazari says, and either report them or exploit them. If companies as progressive as Facebook — companies “founded by hackers,” Elazari says — still have a complicated relationship with hackers, how will more conservative organizations fare when dealing with hacker culture? This is something we need to address, Elazari asserts, because — more and more — in a changing world, with a growing dependence on technology, hackers are key players. “It’s worth the effort,” she says, “because the alternative, to blindly fight all hackers, is to go against a power you can’t control.”

The power of a creative, intelligent, engaged and curious hacker is immense, Elazari says, and not just regulated to Facebook accounts or local ATMs. “Hackers can do a lot more than break things,” she says. Hackers were key players in the Egyptian revolution, she explains, noting how the group Telecomix worked to provide Egyptians with dial-up access to the Internet — asking two European ISPs to switch old phone-line modems back on — after Mubarak shut down all Egyptian ISPs, “This worked so well one guy used it to download an episode of How I Met Your Mother,” she laughs, “… and when the same thing happened in Syria, Telecomix were ready.”

The power hackers yield is great and is one of information, Elazari says, and right now, in the digital age, “access to information is a critical currency of power.” Hackers are shaping our future whether we like it or not, Elazari explains, and it’s up to us whether we want to help them make it better … or believe they will make it worse.

But the most fundamental characteristic of a hacker, according to Elazari? “They can’t just see something broken in the world and leave it be.” So, she says, “I think we need them to do just that, for after all, it’s not just information that wants to be free. It’s us.”

]]>http://blog.ted.com/some-hackers-are-bad-but-a-lot-are-good-keren-elazari-at-ted2014/feed/7TED2014_DD_DSC_8954_1920haileyreissmanThe internet, the perfect tool for the surveillance state? Further reading (and watching) on the state of digital privacyhttp://blog.ted.com/reading-on-the-state-of-digital-privacy-nsa-surveillance/
http://blog.ted.com/reading-on-the-state-of-digital-privacy-nsa-surveillance/#commentsThu, 07 Nov 2013 18:47:41 +0000http://blog.ted.com/?p=83468[…]]]>

Mikko Hypponen speaks just last week at TEDxBrussels, expressing outrage at the NSA.

“We already knew this.” “It’s necessary for the War on Terror.” “Other countries are doing it too.” “But I have nothing to hide.” These are the most common reasons people express for not feeling outrage over the revelations this year that the United States’ National Security Agency has been involved in widespread surveillance.
Mikko Hypponen: How the NSA betrayed the world's trust -- time to act
In today’s blistering talk, security expert Mikko Hypponen shares why he is hopping mad about the NSA’s actions, and why every user of the internet should be equally enraged. Because at the end of the day, he says, these rationalizations obscure a shocking fact: because the world relies on American companies for its information needs, virtually every user of the internet is being watched.

Digital privacy is, obviously, something on many of our minds. Below, a collection of articles, think pieces, op-eds and TED Talks on the state of digital privacy, some that echo Hypponen’s vigor and some that offer differing opinions.

2. The deep look at the data. The New York Times and The Guardian have just completed a pair of in-depth analyses of the documents they received from Snowden in June. Both concluded that no information, no matter how small or seemingly irrelevant, escaped the NSA’s purview. The New York Times described the NSA’s strategic plan as that of an “electronic omnivore… eavesdropping and hacking its way around the world to strip governments and other targets of their secrets.” According to the leaked documents, only 35% of the NSA’s efforts are focused on collecting information on terrorist activities. The NSA is spying on both friends and foes, using information to gain “diplomatic advantage” over US allies like France and Germany, and “economic advantage” over growing economies like Japan and Brazil.

3. A new revelation this week: evidence that the NSA and (its British counterpart) GCHQ hacked Google and Yahoo. In his talk, Hypponen points out how strange it is that, while leaked documents show the exact dates that the NSA began monitoring major American providers, many of these providers had also stated publically that they hadn’t given backdoor access. Just days after Hypponen’s talk was delivered, new evidence emerged that Google and Yahoo had indeed been hacked — not by tapping into the software, but by tapping into their private networks via leased fiber. This Washington Post article gives a nice explanation of how we know that the NSA had access to internal cloud data from these companies. And read Google’s hopping mad response to this news, which they call “industrial scale subversion.” A member of the TED tech team points out that this doesn’t necessarily support the solution Hypponen shares in his talk — to create alternatives to American providers. “This was not happening just within the US, but on international soil as well,” he explains.

4. A valid question: who is watching the watchers? In late October, another new wrinkle in this story emerged, which Hypponen mentions in his talk — that the NSA was monitoring the telephones and emails of 35 world leaders, including Angela Merkel of Germany, Dilma Rousseff of Brazil and Felipe Calderón of Mexico. And apparently, President Barack Obama did not sign off on this … or even know about it until an internal review in the wake of the NSA revelations this summer. Here, the Washington Post breaks that story, while John Cassidy of the New Yorker thinks more deeply about what it means, writing, “From the very beginning of this, the biggest question has been about the supervision—or lack of supervision—of the spying agencies: Who watches the watchers?”

5. Another interpretation of NSA outrage: a battle for power on the internet. In this talk from TEDxCambridge, security expert Bruce Schneier (the man who pointed out “The security mirage”) gives a fascinating analysis of why revelations of NSA, GCHQ and other government surveillance programs are so shocking — because they represent a shift. For the first part of the internet’s history, the medium gave power to those traditionally without it — to individuals and grassroots organizers. But now, the internet is increasingly becoming a tool for traditional powers like governments and international corporations. So where does this leave the majority of citizens? Stuck in the middle, says Schneier. (Bonus: Read both Schneier and Hypponen’s initial take on the revelations of NSA surveillance, given to the TED Blog this summer.)

6. An alternative cloud service. In his talk, Hypponen ends with a call for people outside of the United States to band together to create Open Source, secure alternatives to American internet companies. And Hypponen’s company, F-Secure, has just launched one such alternative: Younited, a personal cloud service hosted in Finland, which has strict privacy laws. Hypponen writes of the service, “It’s high time for a fresh European alternative to enter the market, taking the existing Internet behemoths head on. What the world needs now is a cloud storage service that is not subject to uncontrolled access by intelligence agencies.”

7. But is Open Source the answer? TED’s tech team is not convinced. “I’d rather trust an open source project than a closed one any day of the week. But Open Source is not a silver bullet,” says one team member. “You can see even back in 2003 people tried to back door the Linux kernel. This patch was submitted in a strange way so it was caught but the code looks so innocent that if it was part of a normal merge it might not have been caught. Those three lines of code would give anyone root access — god access on linux systems. As of 2012, there are over 15 million lines of code.” Just for fun, he suggests watching this YouTube clip of what happened recently when the creator of the Linux kernel was asked if he has been approached by the NSA about giving backdoor access, as it will definitely scare you. And another team member agrees: “The solution is not so much Open Source and governments, but probably strengthening the whitehat community around Open Source.”

8. Another rebuttal to Hypponen: why we can’t cut off the data flow between the U.S. and the world. Cameron Kerry, the General Counsel of the US Department of Commerce, recently gave a speech warning against a solution like the one Hypponen forwards. According to the blog The Hill, Kerry argues that cutting off the flow of data between Europe and the United States would be a mistake. “It would cause significant and immediate economic damage,” he says. “Moreover, it would lead to loss of competitiveness on both sides, as other economies around the world that embrace open Internet architectures and freedom to experiment with data analytics offer havens for innovators … Our economic future is at stake in our international engagement.” (Note: Kerry will speak soon at TEDxBeaconStreet.)

9. The end of the internet? Security experts are echoing Kerry’s concerns: according to The Guardian, they are now warning that this data collection policy might lead to the dissolution of the Internet as we know it. Countries like Brazil, Germany and India have begun encouraging regional online users to route their data locally rather than over the monitored US and UK servers. Indian government employees, for example, have been advised not to use the US-based Gmail, and to type up sensitive documents on typewriters, rather than on a computer. For a system that is based on interconnectivity, the implications of a fractured and localized Internet pose a threat to the network, global economies, and our access to information.

9. In defense of the program. Meanwhile, U.S. officials are standing firmly in support of the NSA surveillance program, insisting that it is effective and necessary. General Keith B. Alexander, director of the NSA, said last month that he saw no effective alternative to the government’s program of collecting electronic metadata in the fight to prevent terrorism. Senator Dianne Feinstein, chairman of the Senate Intelligence Committee, published an op-ed in USA Today strongly defending the program, arguing that the program has been effective in helping to prevent terrorist plots against the U.S. and its allies. And, for the first time, information collected by the NSA is being used to build a criminal case around a suspected terrorist. Jamshid Muhtorov, who is accused of supporting the Islamic Jihad Union, was informed that data collected in his private communications was used to arrest him. This case is expected to precipitate further legal action and possibly head to the Supreme Court.

11. Other major threats to privacy: facial recognition, social media, and cell phone GPS. In his recent TED Talk, “Why privacy matters,” behavioral economist Alessandro Acquisti sounded a warning bell on the fact that facial recognition abilities are exponentially improving while, meanwhile, the line between personal and public is blurring via social networking sites. In his talk, he warns that we are about to have an Adam and Eve moment — where all of a sudden, we realize we aren’t wearing any clothes. “Any personal information can become sensitive information,” he says. (Read the TED Blog story: The future of facial recognition.) In another chilling TED Talk, “Your cell phone company is watching,” German politician Malte Spitz shares what happened when he asked his cell phone company to share the data they were collecting on him. The result: 35,830 lines of code that added up to a nearly minute-by-minute account of half a year of his life.

Liz Jacobs contributed heavily to this article.

]]>http://blog.ted.com/reading-on-the-state-of-digital-privacy-nsa-surveillance/feed/16TEDx Brussels 2013katetedSecurity experts Bruce Schneier and Mikko Hypponen on the NSA, PRISM and why we should be worriedhttp://blog.ted.com/security-experts-on-the-nsas-real-problems/
http://blog.ted.com/security-experts-on-the-nsas-real-problems/#commentsWed, 17 Jul 2013 19:08:30 +0000http://blog.ted.com/?p=79843[…]]]>As Edward Snowden is linked to one country after the next, the media has its eye fixed on where he will next request asylum. (Today, it’s Russia.) Meanwhile, back at US headquarters, as NSA officials speak in a House Judiciary Committee hearing, the agency is still doing what it’s doing. To get more information on exactly what that means, the TED Blog wrote to two security experts, Bruce Schneier (watch his talk) and Mikko Hypponen (see his talk), to ask them about what it is we should be worried about. Turns out, pretty much everything.

For people who work in security, is the existence of PRISM surprising? Which aspects of it are routine or expected or even necessary, and which are genuinely dangerous?

Bruce Schneier: First, be careful with names. PRISM is a specific NSA database, just a part of the overall NSA surveillance effort. The agency has been playing all sorts of games with names, dividing their efforts up and using many different code names in an attempt to disguise what they’re doing. It allows them to deny that a specific program is doing something, while conveniently omitting the fact that another program is doing the thing and the two programs are talking to each other. So I am less interested in what is in the specific PRISM database, and more what the NSA is doing overall with domestic surveillance.

The Snowden documents reveal NSA’s broad surveillance against Americans. Those of us who watch the NSA know that their goal is to eavesdrop on everything, but the scope and extent of their domestic surveillance was surprising. Our laws are supposed to protect against this sort of abuse, but in the years after the 9/11 terrorist attacks they failed pretty severely. Also surprising was the tortured legal reasoning used to justify these surveillance programs, and the extent to which the FISA [Foreign Intelligence Surveillance Act] court failed to provide any meaningful oversight.

None of this is routine, none of this is necessary. All of it is dangerous. I live in a country where secret judges make secret rulings based on secret laws — where there is a body of secret law. That’s not how America is supposed to be, and that’s extremely dangerous.

What data, exactly, is being collected about American citizens? What isn’t?

Bruce Schneier: We don’t know what is being collected exactly, but a safe assumption is that approximately everything is being collected. Computers generate transaction data as a byproduct of their operation. And since pretty much everything we do is mediated by computers in some way, pretty much everything we do generates some form of personal data. The NSA is trying to collect all of it. So think of everything you do on the Internet: browsing, shopping, chatting, friending. Think of everything you do on your phone, including where you are. Think of everything you do financially that doesn’t involve cash, and so on and so on. We know that all of this is being collected by the NSA, and stored in databases such as PRISM.

Mikko Hypponen: That’s a good question, and it’s exactly the wrong question to ask. Much of the recent outrage about the surveillance programs has been about the monitoring of U.S. Citizens, as it’s probably illegal. However, U.S. intelligence has the legal right to monitor foreign communications as they go through to U.S. service providers. However, even though something is legal doesn’t make it right. I’m not American; I don’t really care about what data is being collected about American citizens. I’m worried about us, the foreigners. After all, we foreigners make up 96 percent of the people on the planet.

The United States has an unfair advantage, as most of the popular cloud services, search engines, computer and mobile operating systems or web browsers are made by U.S. companies. When the rest of the world uses the net, they are effectively using U.S.-based services, making them a legal target for U.S. intelligence.

But foreigners are not automatically criminals or terrorists. And in a surveillance state, everybody is assumed guilty.

What, if anything, can citizens do to protect themselves from potentially unlawful uses of PRISM?

Bruce Schneier: A rogue NSA is a political problem, and the solutions are political. We need elected officials that will reign the agency in. We need judges and courts that will respect the Constitution and enforce the law. Seems far-fetched, I agree, but that’s our only solution.

Mikko Hypponen: Unfortunately, there’s nothing individual users can do to change what the U.S. is doing. The only things that can be effective are 1) political pressure and 2) alternative services. We’re seeing very weak political pressure coming from the EU parliament and from world leaders in general. They just don’t seem to be willing to take the U.S. on for this. Alternative services would mean that there would be services available to compete with Google, Facebook, Amazon, Dropbox, Skype, etc., and they would be run by companies not based in the U.S.A. The rest of the world has simply failed in being able to compete with them, and we really should be doing better here.

What aspects, if any, of the leak of PRISM pose a risk to national security?

Bruce Schneier: It’s not public knowledge of PRISM that poses a risk to national security, it’s the database itself — and the other databases with other names, and the NSA in general. Massive invasions of privacy without counterbalancing transparency and oversight are very dangerous to the security of our nation. It’s the reason our Constitution forbids it, and the reason we don’t look longingly at other governments that treat their citizens in this way.

The leak is the best thing that could happen to national security, because it gives us a chance at fixing these genuine threats.

Where did the government go wrong, and what can they do better?

Bruce Schneier: Basically, they went wrong by breaking the law. And then can do better by following the law. More specifically, the government went wrong right after the terrorist attacks of 9/11. They reacted out of fear, and in a mistaken attempt to be more secure, they gave the NSA free reign to engage in mass domestic surveillance. A recent op-ed in The New York Times called the NSA a criminal organization. That’s a good characterization of what’s going on right now, and we all need to demand better out of our government.

Cybersecurity specialist James Lyne takes the TED2013 stage to show us some of the newest and nastiest creations that cybercriminals have designed to steal data, make off with billions of dollars, watch people through their webcams and target power and utility companies. Every day, he says, about 250,000 new pieces of malware are created and 30,000 websites infected.

“People think that, if you get a computer virus, you’ve been on a porn site,” says Lyne, of the security firm Sophos. “Actually, statistically speaking, if you only visit porn sites you’re safer.” Shockingly, 80% of infecting sites are actually small businesses or other legitimate enterprises that have themselves been infected.

The world of malware is becoming commercialized. Cybercriminals now advertise online, offering their services for $10 to $50 per hour. Lyne shows this video as an example.

There are sites where you can test a virus to make sure it works before unleashing on the world, and sophisticated services for tracking your malware. Some of these services even offer customer support.

So what are some ways to infect a computer with malware? In addition to the old “Hello, I’m a Nigerian banker,” you could, perhaps, walk into a corporate lobby with a copy of your resume soaked in coffee, and make a sad face and ask the receptionist to plug in a USB key and print you a new copy. Or perhaps you can target a website that has an insecure comments section; anyone who visits the page will then be infected. And there’s a new tactic that Lyne has noticed — creating a virus that pops open a fake anti-virus protection software window on a person’s screen. By clicking the button, not only does a person give a hacker access to their computer, but might even pay for the privilege.

So many stories about cybercrime are terrifying. But Lyne has a success story to share — a time he was able to track the group of cybercriminals behind the Koobface malware. This group didn’t protect their malicious code, which was written to send each of them a text message daily to show them how much money they’d accumulated. In other words, Lyne’s team had their phone numbers. From there, he could tell they were located in Russia.

Because many smartphones embed GPS data about where photo is taken, Lyne was able to find the hackers’ exact location through photos they uploaded to Flickr. From there, Lyne’s team generated a 27-page report filled with information about this group — including an ad one of them had posted for the sale of kittens, shots from a fishing trip, a photo of their office on the third floor of a building and images from the office Christmas party. He eventually even found their bank accounts.

Sadly, Lyne reveals that this report wasn’t enough to bring these hackers to justice. Most laws pertaining to cybercrime are national, and because there is no common definition between countries, this group is still at large.

Lyne stresses that, for the time being, the onus is on individuals to protect themselves by creating different passwords for different websites and using basic internet safety protocols. For example, don’t upload smartphone photos to an online dating site — Lyne has found that 60% of photos there contain location data. But vulnerabilites can be even more subtle than that. As you move through the world, using your phone to connect to wireless networks Lyne warns that you are “beaming a list of the wireless networks you’ve previously connected to.”

Lyne collected data on the TED2013 audience by tracing these signals:

23% had been to Starbucks recently

46% could be linked to a specific business

761 could be traced to a specific hotel

And 234 could be traced to coordinates of their homes

“As we play with these shiny new toys, how much are we trading off convenience over privacy and security?” asks Lyne. “The internet is a fantastic resource for business, art and learning. Help me and the security community make life much more difficult for cybercriminals.”